/snowcamp-io-kiali

Code for my Kiali presentation at SnowCamp 2019

Apache License 2.0Apache-2.0

Instructions to deploy Istio and Kiali on a running Kubernetes cluster.

Prerequisites

  • A working Kubernetes cluster.
  • kubectl installed in the PATH with a working configuration.
  • Admin role on the Kubernetes cluster.
  • helm client installed in the PATH.

minikube notes

minikube works fine and is easy to deploy provided that you have at 4 CPUs and 8GB of RAM to dedicate.

It also supports services of type LoadBalancer with minikube tunnel.

Steps

Download the Istio release

curl -L https://git.io/getLatestIstio | ISTIO_VERSION=1.1.6 sh -
cd istio-1.1.6
export PATH=$PWD/bin:$PATH

Install Istio CRDs

kubectl apply -f install/kubernetes/helm/istio/templates/crds.yaml

Deploy Istio

This uses the Helm client to render the Kubernetes manifest locally.

# LoadBalancer requires a Kubernetes cluster that supports this flavor. Set it to NodePort otherwise.
# The Grafana and Jaeger URLs will be accessed through port-forward (see below).
# This enables tracing with 25% of requests sampled.
helm template install/kubernetes/helm/istio --name istio \
    --namespace istio-system \
    --set gateways.enabled=true --set gateways.istio-ingressgateway.type=LoadBalancer \
    --set kiali.enabled=false \
    --set kiali.dashboard.grafanaURL=http://localhost:3000/ --set kiali.dashboard.jaegerURL=http://localhost:16686/ \
    --set prometheus.tag=v2.9.2 \
    --set grafana.enabled=true --set grafana.image.tag=6.1.6 \
    --set tracing.enabled=true --set pilot.traceSampling=25.0 \
    > /tmp/istio.yml


kubectl create namespace istio-system
kubectl apply -f /tmp/istio.yml

# Delete the default ingress gateway that we won't use anyway.
kubectl delete gateways/istio-autogenerated-k8s-ingress

OpenShift variant:

...
--set global.proxy.privileged=true
...

Deploy Kiali

Kiali is deployed using an operator. There's a Bash script in the Kiali project that will setup everything.

bash <(curl -L https://git.io/getLatestKialiOperator)

Note: if using Openshift, you will have the choice to leverage OpenShift OAuth for login.

Check the deployment

kubectl config set-context --current --namespace=istio-system
kubectl get pods

All pods should be either Running or Completed.

NAME                                      READY     STATUS      RESTARTS   AGE
grafana-65bfcb7f7b-bmrx7                  1/1       Running     0          153m
istio-citadel-856f994c58-l5z7j            1/1       Running     0          153m
istio-cleanup-secrets-4dhgt               0/1       Completed   0          153m
istio-egressgateway-5649fcf57-4rz6m       1/1       Running     0          153m
istio-galley-7665f65c9c-6596c             1/1       Running     0          153m
istio-grafana-post-install-h5k9s          0/1       Completed   0          153m
istio-ingressgateway-6755b9bbf6-rhcvl     1/1       Running     0          153m
istio-pilot-56855d999b-5wqcm              2/2       Running     0          153m
istio-policy-6fcb6d655f-txwl5             2/2       Running     0          153m
istio-security-post-install-fh8z4         0/1       Completed   0          153m
istio-sidecar-injector-768c79f7bf-hczjm   1/1       Running     0          153m
istio-telemetry-664d896cf5-rw8wg          2/2       Running     0          153m
istio-tracing-6b994895fd-f4j8j            1/1       Running     0          153m
kiali-67c69889b5-ljsmm                    1/1       Running     0          153m
prometheus-5b8d8fcbdc-xzjzx               1/1       Running     0          149m

Access the Kiali UI

In a separate Shell terminal, run:

kubectl port-forward svc/kiali 20001

Then go to http://localhost:20001/ to access the Kiali dashboard.

For OpenShift, you can just create a route.

oc expose service kiali -n istio-system

Access the other dashboards

In separate terminals, run:

kubectl port-forward -n istio-system svc/prometheus 9090
kubectl port-forward -n istio-system svc/grafana 3000
kubectl port-forward -n istio-system svc/tracing 16686:80

For OpenShift, you can just create routes.

oc expose service prometheus -n istio-system
oc expose service grafana -n istio-system
oc expose service tracing -n istio-system

Simple application scenario

See the httpbin scenario.

Microservices scenario

See the bookinfo scenario.

License

Apache License 2.0, see LICENSE.